5/22 Using Cisco Configuration Professional to Protect the Network Infrastructure (CCNA Security 640-554 Exam Cram)


5.1 Key Terms

CCP = Cisco Configuration Professional. A web-based router administration tool with a GUI.
Audit = A detailed review of a network, system, or collection of processes. Accounting is a related term with a similar function: collecting information about the network.

5.2 Things to Remember

5.2.1 Properties of the Toolbar

Tool Name > Description
Home button > Click this button to display what is called the Community View page. This information summarizes the community information and allows you to add, edit, and even discover new devices. You can also use the Home button to see the device status of each device.
Configure button > If you want to change the configuration or view the existing configuration of the router, use the Configure button to get to the correct area. From the drop-down list, you can make sure you are configuring the correct router based on its IP address, and then, using features selected from the navigation pane on the left, configure the specific elements of the router you want to view or change. Not all features are available for configuration. For example, if a feature such as voice is not supported on a device, that feature is not displayed as a configurable option. Options may also be unavailable because of who is logged in. With role-based access control (RBAC), not every user has to be given full access to configure everything. You can restrict what the administrator can see or configure by using user profiles.
Monitor button > This button displays the router and security features that you can monitor on a specific router. A list of items that can be selected for monitoring is presented in the left navigation pane.
Manage community icon > If you want to view or edit your existing communities, or create a new one, clicking this icon provides those options. From the Manage Community pop-up window, you can also request CCP to “discover” those routers, which means it will log in to them and read the running configuration.
Refresh icon > Clicking the refresh icon instructs CCP to reach out and request the current running configuration from the specified device. This is especially important if changes have been made at the command line of the router after CCP discovered the device. This refresh allows CCP to correctly display the configured settings, including those that were done at the command line, outside of CCP.
Provide feedback to Cisco icon > This icon opens the CCP feedback form, which you can use to send feedback about this product to Cisco Systems.
Help icon > The help icon, which looks like a question mark, opens context-sensitive help that is relevant for the active window.
Search icon > The search feature opens up a new browser window and enables you to search the help documents based on a keyword.

5.3 Command References

Command > Description
ip http server > Enable HTTP services on the router to be managed and discovered (less secure than HTTPS)
ip http secure-server > Enable HTTPS services on the router to be managed and discovered (more secure than HTTP)
username admin privilege 15 secret cisco > Create a local user account on the router with “level 15” permissions and an MD5 hashed password
ip http authentication local > Tell the router to request a username when people connect via HTTP or HTTPS, and to check the username and password against the usernames and passwords (or secrets) in the running-config

5.4 Command Examples

Preparing the Router to Accept HTTP/HTTPS Connections from CCP
R1(config)# ip http server
R1(config)# ip http secure-server
R1(config)# username admin privilege 15 secret cisco
R1(config)# ip http authentication local
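
Auditing a saved running-config for the section 5.3 commands (an added example, not part of the original notes or of any Cisco tool). The sample config, the finding codes, and the function name audit_http_mgmt are constructed for illustration.

```python
# Added example: audits a saved running-config for the HTTP/HTTPS
# management commands listed in section 5.3. Sample data is constructed.

SAMPLE_CONFIG = """\
hostname R1
!
username admin privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue
username backup privilege 15 password 0 cisco
!
ip http server
ip http secure-server
ip http authentication local
"""


def audit_http_mgmt(config):
    """Return (code, detail) findings for CCP-related management settings."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []

    http = "ip http server" in lines          # "no ip http server" does not match
    https = "ip http secure-server" in lines
    if http:
        findings.append(("HTTP_ENABLED",
                         "'ip http server' is on; prefer HTTPS-only management"))
    if (http or https) and "ip http authentication local" not in lines:
        findings.append(("NO_LOCAL_AUTH",
                         "web logins are not checked against local usernames"))

    for ln in lines:
        tokens = ln.split()
        if len(tokens) < 3 or tokens[0] != "username":
            continue
        # First credential keyword after the name decides how it is stored.
        kind = next((t for t in tokens[2:] if t in ("secret", "password")), None)
        if kind == "password":
            findings.append(("PASSWORD_NOT_SECRET",
                             f"user '{tokens[1]}' uses 'password', not 'secret'"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_http_mgmt(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```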
